Information from 45 million forum accounts stolen in latest hack

The Canadian media company VerticalScope, which operates a number of support forums on a range of topics, was targeted by hackers who were able to obtain user information from around 45 million accounts.

Although news of the massive security breach has just surfaced thanks to LeakedSource, which collects information on data breaches, the actual hack took place in February when over 1,000 support forums and websites on tech, sports and other topics were infiltrated by unknown attackers.

Some of the most popular forums affected by the hack were Motorcycle.com, Pbnation.com, MobileCampsites.com and Techsupportforum.com. Luckily for the users of those and of the other countless other forums run by VerticalScope, as of now their user data has not been listed on the dark web or exposed publicly through a leak.

In response to the hack LeakedSource said: "Given the massive scale of this breach, it is also likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale. Passwords were stored in various encryption methods but less than 10 per cent of the domains which account for a very small amount of leaked records used difficult to break encryption (less than a couple of million). Most of the records (over 40 million) were just MD5 with salting and this is insufficient."

VerticalScope has acknowledge the hack but refused to outright confirm it. The company has yet to make any public announcements regarding the security breach and it is currently investigating who and or what led to such a devastating attack on its systems.

Jerry Orban, the company's vice president of corporate development explained the extent of the security breach saying: "We are aware of the possible issue and our internal security team has been investigating and will be collecting information to provide to the appropriate law enforcement agencies. We believe that any potential breach is limited to usernames, user IDs, email addresses, and encrypted passwords of our users.

"In addition, we are reviewing our security policies and practices and in response to increased internet awareness of security-related incidents, including potential incidents on our communities, we are implementing security changes related to our forum password strength and password expiration policies across certain forum communities."

Image Credit: Benoit Daoust / Shutterstock